WebApp Sec mailing list archives
Re: Proposal to anti-phishing
From: Rogan Dawes <discard () dawes za net>
Date: Fri, 14 Jan 2005 17:19:07 +0100
Don Tuer wrote:
Two phased authentication is good for security but some obvious disadvantages include:
- Cost of hardware tokens
- Cost of distribution
- Cost of managing hardware
- Complexity and user training

Also will the user need to return their token for replacement if they forget the PIN?

Thanks
Don
In fact, if the token is read-only as suggested, will they even be ABLE to change their PIN?
Rogan
-----Original Message-----
From: Rafael San Miguel [mailto:smcsoc () yahoo es]
Sent: Wednesday, January 12, 2005 4:37 AM
To: webappsec () securityfocus com
Cc: Enrique.Diez () dvc es
Subject: Proposal to anti-phishing

Hi all,

I am currently working on a security design that involves an innovative strategy to combat phishing. I have something in mind that seems to work all right.
> Also, the token is PIN-protected to prevent unauthorized use.
The program is in read-only memory so that it can't be modified by anything external to it.
--
Rogan Dawes

*ALL* messages to discard () dawes za net will be dropped, and added to my blacklist.
Please respond to "lists AT dawes DOT za DOT net"